Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft Office security bug

From: aleph1 () DFW NET (Aleph One)
Date: Tue, 11 Nov 1997 21:44:57 -0600

On Tue, 11 Nov 1997, Inigo Gonzalez wrote:


  I am no expert on Win32 / OLE-COM-ACtiveX; but it seems that
this isn't Office Fault; but OLE one's.

  AFAIK, every OLE container is responsible of its own data;
in this case, you tell Word to cipher his own data, and
Excel/Visio/etc... data is not Word bussiness so it's not
ciphered.

  Remember: When you talk to OLE objects, you delegate them
a part of your file + archiving capabilities.


Your are correct. But it matters little. The users expectation is that all
of the document will be encrypted, including any embeded objects.
Obviously this is not the case. How would you feel if you found out that
that your Netscape or IE browser only encrypted the body of email messages
using S/MIME but not any attachments?

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
Previous By Date Next
Previous By Thread Next

Current thread: